That the A5/1 and A5/3 algorithms had gone down the drain we already knew for some time (http://freeuser.org/gsm-cypher-is-gone-crackato-kaput/), but as with every self-respecting vulnerability, the fact in itself does not always raise DEFCON 3 alarms.
However...
The problems arise when you mix together:
- a $15 cellphone running open-source firmware (OsmocomBB - http://bb.osmocom.org/trac/)
- some rainbow tables http://srlabs.de/research/decrypting_gsm/
- a few FPGA boards
- 3 minutes
- lots, lots, lots of ingenuity
PDF slides - http://events.ccc.de/congress/2010/Fahrplan/attachments/1783_101228.27
Want to listen in on cellphone calls or intercept text messages? Well that’s a violation of someone else’s privacy so shame on you! But there are black-hats who want to do just that and it may not be quite as difficult as you think. This article sums up a method of using prepaid cellphones and some decryption technology to quickly gain access to all the communications on a cellular handset. Slides for the talk given at the Chaos Communications Congress by [Karsten Nohl] and [Sylvain Munaut] are available now, but here’s the gist. They reflashed some cheap phones with custom firmware to gain access to all of the data coming over the network. By sending carefully crafted ghost messages the target user doesn’t get notified that a text has been received, but the phone is indeed communicating with the network. That traffic is used to sniff out a general location and eventually to grab the session key. That key can be used to siphon off all network communications and then decrypt them quickly by using a 1 TB rainbow table. Not an easy process, but it’s a much simpler method than we would have suspected.